Onjiniyela be-Linux baxoxa ngokususa i-ReiserFS

Darkcrizt

Imizuzu ye-4

Iyini i-Linux futhi ingeyani?

UMathewu Wilcox i-oracle, eyaziwa ngokudala umshayeli we-nvme (NVM Express) kanye nendlela yokufinyelela okuqondile ohlelweni lwefayela le-DAX, iphakamise ukususa uhlelo lwefayela le-ReiserFS ku-Linux kernel ngokufanisa nezinhlelo zefayela ezihoxisiwe ze-ext kanye ne-xiafs noma ngokufushanisa ikhodi ye-ReiserFS, kushiye usekelo "lokufunda kuphela" kuphela.

Kushiwo lokho isizathu sokususwa kwaba ubunzima obengeziwe ngesibuyekezo wengqalasizinda ye-kernel, ebangelwa ukuthi, ikakhulukazi i-ReiserFS, onjiniyela baphoqeleka ukuthi bashiye isibambi sefulegi esihoxisiwe AOP_FLAG_CONT_EXPAND ku-kernel, njengoba i-ReiserFS kusewukuphela kwesistimu yefayela esebenzisa lo msebenzi "bhala_qala" » ku-Kernel.

Ngesikhathi esifanayo, ukulungiswa kokugcina kukhodi ye-ReiserFS kuhlehlela emuva ku-2019, futhi akucaci ukuthi le FS ifunwa kangakanani futhi uma beqhubeka nokuyisebenzisa.

Ngokunikezwa lokhu, unjiniyela we-SUSE uvumile ngokuthi i-ReiserFS isendleleni eya ekuhoxisweni, kodwa akucaci ukuthi yehliswe ngokwanele yini ukuthi ingakhishwa ku-kernel, njengoba isho ukuthi i-ReiserFS iyaqhubeka nokuthunyelwa nge-openSUSE kanye ne-SLES, kodwa isisekelo sabasebenzisi bohlelo lwefayela sincane futhi siyancipha.

Kubasebenzisi bezinkampani, ukusekelwa kwe-ReiserFS ku-SUSE kwanqanyulwa eminyakeni engu-3-4 edlule futhi imojula ye-ReiserFS ayifakiwe ne-kernel ngokuzenzakalelayo. Njengenketho, u-Ian uphakamise ukuthi siqale ukubonisa isexwayiso sokuhoxiswa lapho sikhweza izingxenye ze-ReiserFS futhi sicabangele lolu hlelo lwefayela olulungele ukususwa uma kungekho muntu osazisa ngesifiso sokuqhubeka nokusebenzisa lolu hlelo lwefayela onyakeni owodwa noma emibili.

Edward Shishkin, egcina uhlelo lwefayela le-ReiserFS, ujoyine ingxoxo futhi wanikeza isiqeshana esisusa ukusetshenziswa kwefulegi le-AOP_FLAG_CONT_EXPAND yekhodi ye-ReiserFS. UMatthew Wilcox wamukele isichibi esakhiweni sakhe. Ngakho-ke, isizathu sokususwa sisusiwe, futhi umbuzo wokukhipha i-ReiserFS ku-kernel ungabhekwa njengehlehlisiwe isikhathi eside.

Ngeke kwenzeke ukuthi kukhishwe ngokuphelele udaba lokuhoxiswa kwe-ReiserFS ngenxa yomsebenzi wokukhishwa kwe-kernel ezinhlelweni zamafayela ngodaba olungaxazululiwe lwango-2038.

Ngokwesibonelo, ngenxa yalesi sizathu, uhlelo seluvele lulungisiwe ukuze kukhishwe inguqulo yesine yefomethi yesistimu yefayela le-XFS ku-kernel (Ifomethi entsha ye-XFS yahlongozwa ku-kernel 5.10 futhi yashintsha ukuchichima kwekhawunta yesikhathi kwaba ngu-2468.) Ukwakhiwa kwe-XFS v4 kuzokhutshazwa ngokuzenzakalela ngo-2025 futhi ikhodi izosuswa ngo-2030). Kuhlongozwa ukuthuthukisa umugqa wesikhathi ofanayo we-ReiserFS, uhlinzeke okungenani iminyaka emihlanu yokuthuthela kwamanye amasistimu wefayela noma ifomethi yemethadatha elungisiwe.

Ngaphandle kwalokho, Kubuye kugqame obekwaziwa ezinsukwini ezimbalwa ezedlule izindaba zokuba sengozini (CVE-2022-25636) ku-Netfilter, engavumela ukwenziwa kwekhodi yezinga le-kernel.

Ukuba sengozini kungenxa yephutha ekubaleni usayizi we-flow->rule->action.entries emsebenzini wokulayisha we-nft_fwd_dup_netdev_offload (okuchazwe kufayela le-net/netfilter/nf_dup_netdev.c), okungabangela idatha elawulwa umhlaseli obhalayo. endaweni yenkumbulo engaphandle kwebhafa eyabelwe.

Iphutha liziveza lapho kulungiswa imithetho ethi "dup" kanye "ne-fwd" kumaketango lapho kusetshenziswa khona ukusheshisa kwehadiwe ukucutshungulwa kwephakethe (ukulanda) . Ngenxa yokuthi ukuchichima kwenzeka ngaphambi kokuthi kudalwe umthetho wesihlungi sephakethe nokusekelwa kokulayisha kuqinisekiswe, ubungozi busebenza nakumadivayisi enethiwekhi angasekeli ukusheshiswa kwezingxenyekazi zekhompuyutha, njengesixhumi esibonakalayo se-loopback. .

Kuyabonakala ukuthi Inkinga kulula ukuyisebenzisa, njengoba amanani adlulela ngale kwebhafa angakwazi ukubhala phezu kwesikhombi esakhiweni se-net_device, futhi idatha mayelana nenani elibhalwe ngaphezulu ibuyiselwa esikhaleni somsebenzisi, okuvumela amakheli enkumbulweni adingekayo ukuze kuqhutshekwe nokuhlasela ukuthi kutholwe.

Kusizakala ukuba sengozini idinga ukwakhiwa kwemithetho ethile kuma-nftables, okungenzeka kuphela ngamalungelo e-CAP_NET_ADMIN, angatholwa umsebenzisi ongenalo ilungelo endaweni yamagama yenethiwekhi ehlukile (Izikhala Zamagama Zenethiwekhi). Ukuba sengozini kungase futhi kusetshenziselwe ukuhlasela amasistimu okuhlukanisa iziqukathi.

Kumenyezelwe isibonelo sokuxhaphaza okuvumela umsebenzisi wendawo ukuthi akhuphule amalungelo akhe ku-Ubuntu 21.10 ngomshini wokuvikela we-KASLR ukhutshaziwe. Inkinga izibonakalisa njenge-kernel 5.4. Isixazululo sisatholakala njengesichibi.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   UDiego German Gonzalez kusho
    kwenza iminyaka 2

    Umqambi wefomethi yefayela ubedonsa isigwebo kusukela ngo-2008 ngokubulala owesifazane. Kuthiwa izophuma ngonyaka ozayo. Mhlawumbe ithola amabhethri futhi ixazulule zonke izinkinga.
    Kunoma yikuphi, kuyisibonelo sezinzuzo zomthombo ovulekile ukuthi amaphrojekthi aqhubeke ngaphezu kwabantu.

    Phendula u-Diego Germán González